I would like to know about the reasons for Undernets security policy, if you can call it that.

I'm using IRC a lot (different networks actually) and it surprises me that Undernet decided to ban all Tor exits. I'm on Tor a lot for privacy reasons and the other networks I use have no problem with that. But on Undernet, I only get the (incorrect, using Linux) Moosoft Trojan alert or the forbidden message. However, Undernet hosts lots of C&C channels and floods and spambots are very common, so it can't be really about security. Also it seems staff doesn't care (saw a thread here about reported C&C channels, and nobody really did anything about them).

Tor+SSL are a great way to keep your things private when you use public wireless networks a lot like I do.

So what's the reason for the Tor ban? The botnets don't use it. And please no replies like "do not want" or "deal with it": I expect a serious reply to a serious question.

Sabin

Post subject: Re: Annyoing "security" policy

Posted: Tue Jul 13, 2010 6:11 pm

Joined: Fri Dec 16, 2005 8:13 pmPosts: 15Location: Romania

The "Moosoft Trojan alert or the forbidden message" you are talking about it is a gline reason, a gline is a ban on all undernet servers. If you scanned your computer for malware/worms/viruses and nothing was found mail abuse@undernet.org with your ip address and reason of gline, ask for further clarification and removal of gline. As for abusive bots/botnets you can mail abuse-exploits@underent.org with precise info as: ips/hosts, channels mentioned in the message body text, not files attached.

_________________

Torman

Post subject: Re: Annyoing "security" policy

Posted: Wed Jul 14, 2010 1:10 pm

Joined: Sun Jul 11, 2010 1:23 pmPosts: 14

I don't know if you bothered to read my posting in detail.

First: I'm running Linux, your Moosoft tool is Windows only. Given that over the past 15 years I never had a virus or trojan onone of my Linux installs, I'm very positive that my system is clean.

I get this lots of times for many different IPs, namely the exit nodes.

Fourth: Just look around on this forum. Many users have mentioned about 40-50% botnet/drones on the network, and nothing ever seems to happen.

Fifth: All that said, I want to know the reason. Undernet has a major problem with tolerated abuse, so the crackdown on Tor makes no sense.I would not complain if 90% of the problems came from Tor, but let's face it: drone herders have networks a few magnitudes larger and don't need it.

I just want ensure my privacy and security. Nothing more, but also nothing less.

Torman

Post subject: Re: Annyoing "security" policy

Posted: Mon Jul 19, 2010 4:42 pm

Joined: Sun Jul 11, 2010 1:23 pmPosts: 14

Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?

Eenie

Post subject: Re: Annyoing "security" policy

Posted: Wed Jul 21, 2010 1:04 am

Forum Super Moderator

Joined: Tue Aug 20, 2002 1:00 amPosts: 606Location: Virginia, USA

Torman wrote:

Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?

No one is ignoring you on purpose.

You have not been answered, apparently because no one has an answer for you at this time.

JMO.

~Eenie

_________________Just a small fish in a big sea

jumpdriver

Post subject: Re: Annyoing "security" policy

Posted: Wed Jul 21, 2010 9:28 am

Joined: Wed Jul 21, 2010 9:24 amPosts: 3

How could there be no answer? It's a pretty simple question.

Torman

Post subject: Re: Annyoing "security" policy

Posted: Wed Jul 21, 2010 11:24 am

Joined: Sun Jul 11, 2010 1:23 pmPosts: 14

Eenie: Thanks for the reply.

No offense, but does that mean nobody here knows why a legitimate service like Tor has been blocked?

Since Undernet knows the IP's of the exit nodes, why not simply cloaking users? Like e.g. <nick>!<user>@<random>.tor.undernet.org? That way, every op can simply decide if he wants Tor users or not in his channel by setting a ban on the *!*@*.tor.undernet.org mask.

Tor is an major service for freedom. Reasons may be as simple as coming to IRC from an untrusted hotspot, but also as important as avoiding monitoring by an oppressive regime (China, North Korea, Iran, etc). For me, IRC was always about freedom of speech and it would hurt to see that freedom being taken away.

Yes, I'm annoyed by all that and pardon me if it shows. Perhaps somebody could bring this thread to the attention of those who decide to do such large bans.

xplo

Post subject: Re: Annyoing "security" policy

Posted: Thu Jul 22, 2010 12:05 am

Joined: Mon Jun 04, 2007 1:06 amPosts: 182Location: Behind You!

Torman wrote:

Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?

its pretty simple, TOR are mostly used to abuse, evade glines/bans and we do not support that.. undernet in the last 5yrs has not moved a lot, and now its making progress to erradicate floods/abuse/evading with improvements like this one. Sorry for the innocents who are caught in the fishnet, but.. there are alternatives..

i hope next step would be regex patterns usage in bans/gline

the answer is simple: Don't use TOR, its banned. use your own ip and hide it with user mode +x, for this you will need a username, get one at http://cservice.undernet.org/live

and again.. TOR are banned due to abuse.. Its a Good step that i completely support. you should too, i understand your "for privacy" but put yourself in our shoes..

_________________Go to hell with your questions, my time is done here.It was fun, but this network is sooooo corrupted by morons, its not worth it.

Eenie

Post subject: Re: Annyoing "security" policy

Posted: Thu Jul 22, 2010 2:42 am

Forum Super Moderator

Joined: Tue Aug 20, 2002 1:00 amPosts: 606Location: Virginia, USA

xplo wrote:

Torman wrote:

Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?

its pretty simple, TOR are mostly used to abuse, evade glines/bans and we do not support that.. undernet in the last 5yrs has not moved a lot, and now its making progress to erradicate floods/abuse/evading with improvements like this one. Sorry for the innocents who are caught in the fishnet, but.. there are alternatives..

i hope next step would be regex patterns usage in bans/gline

the answer is simple: Don't use TOR, its banned. use your own ip and hide it with user mode +x, for this you will need a username, get one at http://cservice.undernet.org/live

and again.. TOR are banned due to abuse.. Its a Good step that i completely support. you should too, i understand your "for privacy" but put yourself in our shoes..

Coloured in red above by me.

Whose shoes are those? Are you now an official representative of our network, xplo?

~Eenie

_________________Just a small fish in a big sea

Torman

Post subject: Re: Annyoing "security" policy

Posted: Thu Jul 22, 2010 1:27 pm

Joined: Sun Jul 11, 2010 1:23 pmPosts: 14

Quote:

evade glines/bans

What about those users without static IP addresses? Resetting a router is all they need to do to evade a ban. Want to gline all ISP's who use DHCP?

Quote:

its making progress to erradicate floods/abuse/evading with improvements like this one

I would not call that an improvement; it's exactly the opposite.

Quote:

there are alternatives

Like?

Quote:

next step would be regex patterns

No offense, but I seriously hope you won't make those regexp.

Quote:

the answer is simple: Don't use TOR

My conclusion can be equally simple: don't use Undernet. I don't really want to use that option though; but it's a last resort measure.

Quote:

use your own ip and hide it with user mode +x

Which helps not a single bit if you come from an untrusted and/or snooping network.

Quote:

TOR are banned due to abuse.. Its a Good step that i completely support

I've seen lots of abuse coming from e.g. Comcast too. Or Russia and China if you want to be more general. May I make another suggestion for some large bans?

Quote:

"for privacy"

Putting that in quotes makes it sound like you consider it an excuse from me to continue with abuse, which has the nasty taste of calling me a liar.

So xplo, why not cloaking Tor users like I suggested? Or do you think Undernet shouldn't let ops decide who to let into their channels? Cloaking is such a simple fix with benefits for both sides.

See, I don't like drones either. I would not mind to solve a captcha to connect. Somewhat like the "/quote pass" line for broken idents: post an URL to an image. The user looks at it and replies to connect. Voilà, no more drones until they do OCR (and then it's only a matter of minutes to change the captcha layout).

MartYanu2

Post subject: Re: Annyoing "security" policy

Posted: Thu Jul 22, 2010 3:48 pm

#Userguide Member

Joined: Sat May 15, 2004 12:19 pmPosts: 39Location: The land of nowhere

Erm, that must hurt!

xplo

Post subject: Re: Annyoing "security" policy

Posted: Thu Jul 22, 2010 11:50 pm

Joined: Mon Jun 04, 2007 1:06 amPosts: 182Location: Behind You!

Eenie wrote:

xplo wrote:

Torman wrote:

Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?

its pretty simple, TOR are mostly used to abuse, evade glines/bans and we do not support that.. undernet in the last 5yrs has not moved a lot, and now its making progress to erradicate floods/abuse/evading with improvements like this one. Sorry for the innocents who are caught in the fishnet, but.. there are alternatives..

i hope next step would be regex patterns usage in bans/gline

the answer is simple: Don't use TOR, its banned. use your own ip and hide it with user mode +x, for this you will need a username, get one at http://cservice.undernet.org/live

and again.. TOR are banned due to abuse.. Its a Good step that i completely support. you should too, i understand your "for privacy" but put yourself in our shoes..

Coloured in red above by me.

Whose shoes are those? Are you now an official representative of our network, xplo?

~Eenie

i am a well known user/volunteer since a freaking long time ago, no need to act like you own the place! by OUR i ment Undernet's users who are freaking annoyed of proxy/TOR usage with floodbots/spammers/evadersi NEVER pretended to be an official, you can see this via /msg x verify xplo from irc..

you should take a nap or something....

Focus on the RED part

Last edited by xplo on Fri Jul 23, 2010 12:07 am, edited 1 time in total.

_________________Go to hell with your questions, my time is done here.It was fun, but this network is sooooo corrupted by morons, its not worth it.

xplo

Post subject: Re: Annyoing "security" policy

Posted: Thu Jul 22, 2010 11:58 pm

Joined: Mon Jun 04, 2007 1:06 amPosts: 182Location: Behind You!

Torman wrote:

So xplo, why not cloaking Tor users like I suggested? Or do you think Undernet shouldn't let ops decide who to let into their channels? Cloaking is such a simple fix with benefits for both sides.

See, I don't like drones either. I would not mind to solve a captcha to connect. Somewhat like the "/quote pass" line for broken idents: post an URL to an image. The user looks at it and replies to connect. Voilà, no more drones until they do OCR (and then it's only a matter of minutes to change the captcha layout).

this will never happen here, it took ages to get something moving here...

and as alternative, get a Bouncer, (psyBNC, ZNC, Sbnc) those are alternative. get a secured shell, your own bouncer, and we will never need to discuss about it ever.

like i said above, TOR are used to evade glines/bans. and you don't need to try and be rude, this forum is for support from the undernet's community, and from the people who actually care about helping those in need, i answered your question the best i can, i am NOT an oper/admin, and if my post was incorrect, i am SURE one would have replied something different. ( except flaming like the one above, excuse her.. it happens..)

_________________Go to hell with your questions, my time is done here.It was fun, but this network is sooooo corrupted by morons, its not worth it.

MrEen

Post subject: Re: Annyoing "security" policy

Posted: Fri Jul 23, 2010 12:31 am

Joined: Thu Apr 28, 2005 3:03 amPosts: 111Location: Virginia, USA

xplo wrote:

( except flaming like the one above, excuse her.. it happens..)

Sensitive much?

By the way, the simple act of asking you a question does not automatically make it a flame.

JMO, and sorry to go off-topic.

MrEen

_________________The bigger fish.

Torman

Post subject: Re: Annyoing "security" policy

Posted: Fri Jul 23, 2010 12:07 pm

Joined: Sun Jul 11, 2010 1:23 pmPosts: 14

Quote:

this will never happen here

I agree that a captcha solution takes quite a lot of work to set up correctly; but it would solve the drone problem very efficiently.

Quote:

and as alternative, get a Bouncer

I'm not sure if you understand the situation correctly. You're telling me to buy a shell for a bouncer to keep on using the free service Undernet provides (don't get me wrong, I honestly appreciate that service), but there would be no additional value. Other networks are also free and allow Tor which I want to use. You're making me choose between free (as in beer) and a monthly fee for the same services. And frankly, moving channels is easy.

Quote:

you don't need to try and be rude

If I would have a reason to be rude to you, it would show very clearly. I don't need to beat around the bush.

Blatantly spoken, I'm not really buying the evade argument. We can talk about it when IPv6 has taken over and everything online has a static IP, but until then ISP's will keep on using DHCP with their IPv4 address pools. As long as that's the case, evading a ban is a piece of cake, even for the most retarded troll.

Tor has, at best times, maybe 1,500 exits online. If I stay with my Comcast example from earlier, then you will notice that they currently have 21,124,218 useable DHCP IP's (http://postmaster.comcast.net/dynamic-IP-ranges.aspx). If an op bans a Comcast troll, he just needs to reset his modem and comes back. If that goes on long enough to annoy the op to a certain level, the op will set a ban on *.comcast.net or if he is nice enough to e.g. *.fl.comcast.net "only", blocking millions of hosts. A troll evading through Tor (with a cloaked host) would only cause a colateral damage of 1,500 hosts.

Furthermore, you don't know how many users simply leave without talking about it. When I had my channels on Dalnet and attacks brought it down, all I had to do was to notify the regulars to pass on the message that we will switch networks. One could even just add a CNAME/A irc.* record to his domain and move without having users to change settings. You think I told Dalnet about it back then? I brought this up here because I actually like coming to Undernet, despite the problems with drones/floods/spam. By the way, that's more or less how Undernet itself was born too: users got annoyed with EFnet because nothing was done (or the wrong things were done).

My hostmask/cloak suggestion still stands and I see nothing bad with it. Not only will it hand ban control over to the channel ops, but it is trivial and would also send out a message: Undernet values freedom of speech.

Who is online

Users browsing this forum: Google [Bot] and 1 guest

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot post attachments in this forum